On January 28, attackers stole more than $80 million from Binance Smart Chain-based Qubit Finance.
Qubit Finance announced this attack on its official Twitter.
Addresses connected with the attack indicate that 206,809 BNB were stolen from Qubit’s QBridge protocol. According to security firm PeckShield, the stolen assets are worth more than $80 million.
The attacker called the QBridge deposit function on the ethereum network, which calls the deposit function QBridgeHandler.
QBridgeHandler should receive the WETH token, which is the original tokenAddress, and if the person who performed the tx does not have a WETH token, the transfer should not occur.
tokenAddress.safeTransferFrom(depositer, address(this), amount);
In the code above, tokenAddress is 0, so safeTransferFrom didn’t fail and the deposit function ended normally regardless of the amount value.
Additionally, tokenAddress was the WETH address before depositETH was added, but as depositETH is added, it is replaced with the zero address that is the tokenAddress of ETH.
In summary, the deposit function was a function that should not be used after depositETH was newly developed, but it remained in the contract.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join CoinCu Telegram to keep track of news: https://t.me/coincunews
Follow CoinCu Youtube Channel | Follow CoinCu Facebook page
Hazel
CoinCu News
Qubit Finance Qubit Finance Qubit Finance
George Town, Grand Cayman, 22nd November 2024, Chainwire
Inflation Warning by Vanguard highlights risks during Trump’s term, citing tariffs and tighter labor markets…
Clanker token trading volume hit $59.8M on Nov 21, accounting for 14.75% of PumpFun. Fee…
Bitcoin Spot ETF inflows hit $1.005B on Nov 21, led by BlackRock’s $608M and Fidelity’s…
Discover the success story of a New York tech entrepreneur who made $72M from a…
Discover the best cryptos to buy and hold today: Qubetics leads with 1000x potential, Ethereum…
This website uses cookies.